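<?php
    // Access control for the shop-management page. Everything here runs before any
    // HTML is emitted, so header() can still add X-Frame-Options (clickjacking
    // protection) and an unauthorised request never reaches the template below.
    session_start();
    header('X-Frame-Options: DENY');
    include('conn.php');          // provides $con (PostgreSQL connection)
    include('verify_user.php');   // provides $cur_user (the logged-in user)
    require 'anti_csrf.php';      // provides csrfguard_generate_token()

    // Read the query parameters once; a missing key becomes '' and simply fails
    // validation instead of raising an undefined-index warning.
    $requested_id = $_GET['id'] ?? '';
    $shop_name = $_GET['shop'] ?? '';

    // Whitelist both values. \z is used instead of $ so a trailing newline
    // ("bob\n") cannot slip past the pattern.
    if (!preg_match('/^\w{1,15}\z/', $requested_id) || !preg_match('/^[a-zA-Z][\w ]{0,14}\z/', $shop_name)) {
        die('Invalid username or shop name');
    }

    // The id in the URL must be exactly the session user; a strict string
    // comparison avoids PHP's numeric-string coercion ("10" == "1e1").
    if ((string) $cur_user !== $requested_id) {
        die("Have no right to access");
    }

    // Ownership check: the shop must exist and belong to the current user.
    // Single-quoted SQL keeps $1/$2 as literal placeholders for pg_execute.
    pg_prepare($con, 'prepare6', 'SELECT * FROM shops WHERE shop_name=$1 and shop_owner=$2') or die("Could not prepare statement 6");
    $rs = pg_execute($con, 'prepare6', array($shop_name, $cur_user)) or die("Could not execute prepare6");
    if (pg_num_rows($rs) < 1) {
        die("No such shop or have no right to access");
    }
?>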

<html lang="en">
<head>
    <title>TechBay | Manage Shop</title>
    <link href="../css/techbey.css" rel="stylesheet" type="text/css">
    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.0/jquery.min.js"></script>
    <script type="text/javascript" src="../js/shop.js"></script>
</head>
<body>
    <script>if (top != self) { top.location = self.location; }</script>
    <div id="headerBar">
        <div class="container">
            <div class="left">
                <a href="/"><h1 title="logo" id="Logo">T<span id="ech">ech</span>BAY</h1></a>
            </div>
            <div class="account_relative">
                <ul>
                    <li>
                        <div class="signoutBar">
                            <a id="signout" class='btn' href="signout.php">Logout</a>
                        </div>
                    </li>
                    <li>
                        <div class="myaccountBar">
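                            <?php
                                // $cur_user was already matched against /^\w{1,15}$/ at the top of the
                                // page; it is still encoded for the URL and escaped for the attribute
                                // context so the link cannot break out of the tag if that check changes.
                                $account_href = 'account.php?id=' . rawurlencode((string) $cur_user);
                                echo '<a id="signout" class="btn" href="' . htmlspecialchars($account_href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">My Account</a>';
                            ?>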
                        </div>
                    </li>
                </ul>
            </div>
        </div>
    </div>
    <div  id="wrapper">
        <div class="left" id="left_navigation">
            <table class="lNaviBar">
                <tr>
                    <td>
                        <a id="shopHomeBtn" class="lnavbtn" href="/">Shop Home</a>
                    </td>
                </tr>
                <tr>
                    <td>
                        <a id="addItemBtn" class="lnavbtn" href="/">Add Item</a>
                    </td>
                </tr>
            </table>
        </div>
        <div id="main">
            <div class="container">
                <div id="shopHomeSect">
                    <div id="itemlist">
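                        <?php
                            // Item listing for the shop validated at the top of the page:
                            // 16 rows per page, newest item_id first.
                            $shop_name = $_GET['shop'];
                            $page_size = 16;

                            // Page number from the URL: must be a plain digit string (\z rejects the
                            // trailing newline that $ would accept) and is clamped to >= 1 so the
                            // OFFSET below can never be negative (page=0 used to fail the query).
                            if (!isset($_GET['page'])) {
                                $cur_page = 1;
                            } else {
                                if (!is_string($_GET['page']) || !preg_match('/^\d+\z/', $_GET['page'])) {
                                    die('Invalid page number!');
                                }
                                $cur_page = max(1, (int) $_GET['page']);
                            }

                            $start_entry = ($cur_page - 1) * $page_size;

                            // Plain LIMIT/OFFSET replaces the former "NOT IN (first N ids)" sub-select;
                            // same ordering, same rows. Single quotes keep $1..$3 literal for pg_execute.
                            $query = 'SELECT * FROM items WHERE item_shop=$1 ORDER BY item_id DESC LIMIT $2 OFFSET $3';
                            pg_prepare($con, 'prepare5', $query) or die("Could not prepare statement");
                            $rs = pg_execute($con, 'prepare5', array($shop_name, $page_size, $start_entry)) or die("Cannot execute query");

                            // Every column echoed below was supplied by a user when the item was
                            // created, so each value is escaped for the HTML context.
                            $esc = static function ($value) {
                                return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                            };

                            echo "<table class='mainTable'>";
                            while ($row = pg_fetch_assoc($rs)) {
                                $detail_href = 'item_detail.php?itemid=' . rawurlencode((string) $row['item_id']);
                                echo "<tr>";
                                // The href is now a quoted attribute; it was unquoted before.
                                echo "<td><a class='item_name' href='" . $esc($detail_href) . "'>" . $esc($row['item_name']) . "</a></td>"
                                    . "<td>" . $esc($row['item_category']) . "</td>"
                                    . "<td>" . $esc($row['item_price']) . "</td>"
                                    . "<td>" . $esc($row['item_stock']) . "</td>";
                                echo "</tr>";
                            }
                            echo "</table>";
                        ?>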
                    </div>
                    <div class="page_list">
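                        <?php
                            // Pager for the item list. $cur_page and $shop_name are set by the
                            // listing block above; the total row count decides how many 16-row pages exist.
                            pg_prepare($con, "page_list_query", 'SELECT COUNT(*) FROM items WHERE item_shop=$1') or die("Could not prepare page_list_query");
                            $rs = pg_execute($con, "page_list_query", array($shop_name)) or die("Could not execute page_list_query");
                            $row_num = (int) pg_fetch_result($rs, 0, 0);
                            // At least one page so an empty shop shows "1/1" rather than "1/0".
                            $max_page = max(1, (int) ceil($row_num / 16));

                            $page_no = (int) $cur_page;
                            $hide_previous = $page_no === 1 ? 'class="hidden" ' : '';
                            $hide_next = $page_no >= $max_page ? 'class="hidden" ' : '';

                            $previous_page = $page_no - 1;
                            $next_page = $page_no + 1;

                            // One builder for both links: rawurlencode for the query string (shop names
                            // may contain spaces), htmlspecialchars for the attribute context (& -> &amp;).
                            $page_link = static function ($page) use ($cur_user, $shop_name) {
                                $href = 'shop.php?page=' . $page . '&id=' . rawurlencode((string) $cur_user) . '&shop=' . rawurlencode((string) $shop_name);
                                return htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                            };

                            echo '<table class="page_relative">';
                            echo '<tr><td><a id="padding"> </a></td><td></td><td><a id="padding"> </a></td></tr>';
                            echo '<tr><td><a href="' . $page_link($previous_page) . '" id="index_previous" ' . $hide_previous . '>previous</a></td>'
                                . '<td><a id="index_page">' . $page_no . '/' . $max_page . '</a></td>'
                                . '<td><a href="' . $page_link($next_page) . '" id="index_next" ' . $hide_next . '>next</a></td></tr>';
                            echo '</table>';
                            pg_close($con);
                        ?>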
                    </div>
                </div>
                <div id="addItemSect">
                    <div class="container">
                        <form enctype="multipart/form-data" id="addItemForm" class="mainForm" method="post" action="additem.php">
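                        <?php
                            // Per-form CSRF pair: a random field name plus the token anti_csrf.php
                            // derives for it. random_int() is CSPRNG-backed; mt_rand() is a plain PRNG
                            // and should not be used for security-adjacent values.
                            $CSRF_name = "CSRFGuard_" . random_int(0, mt_getrandmax());
                            $CSRF_token = csrfguard_generate_token($CSRF_name);
                            // Escaped for the attribute context even though both values are generated
                            // here, so a change in the token format can never break out of the tag.
                            echo "<input type='hidden' name='CSRFName' value='" . htmlspecialchars($CSRF_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "' />";
                            echo "<input type='hidden' name='CSRFToken' value='" . htmlspecialchars((string) $CSRF_token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "' />";
                        ?>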
                            <table>
                                <tr>
                                    <td><a class="textInAddItemForm">Item Picture:</a></td>
                                    <td><input type="file" id="upload_item_img" name="addItem_img"></td>
                                </tr>
                                <tr>
                                    <td><a class="textInAddItemForm">Item Name:</a></td>
                                    <td><input type="text" id="addItem_itemname" name="addItem_itemname"></td>
                                </tr>
                                <tr>
                                    <td><a class="textInAddItemForm">Category:</a></td>
                                    <td>
                                        <select id="addItem_category" name="addItem_category">
                                            <option>Home</option>
                                            <option>Electronics</option>
                                            <option>Clothing</option>
                                            <option>Shoes</option>
                                        </select>
                                    </td>
                                </tr>
                                <tr>
                                    <td><a class="textInAddItemForm">Description:</a></td>
                                    <td><input type="text" id="addItem_desc" name="addItem_desc"></td>
                                </tr>
                                <tr>
                                    <td><a class="textInAddItemForm">Price:</a></td>
                                    <td><input type="text" id="addItem_price" name="addItem_price"></td>
                                </tr>
                                <tr>
                                    <td><a class="textInAddItemForm">Stock:</a></td>
                                    <td><input type="text" id="addItem_stock" name="addItem_stock"></td>
                                </tr>
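                                <?php
                                    // Carries the shop name (validated at the top of the page) to
                                    // additem.php; escaped for the attribute context. The statement
                                    // is terminated explicitly instead of relying on the closing tag.
                                    echo '<input type="text" class="hidden" value="' . htmlspecialchars((string) $shop_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '" name="addItem_shop">';
                                ?>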
                                <tr>
                                    <td></td>
                                    <td><input type="submit" class="right" value="Add Item"></td>
                                </tr>
                            </table>
                        </form>
                    </div>
                </div>
            </div>
        </div>
        <div class="right" id="right_navigation">
            
        </div>
    </div>
    <div id="footerBar">
        <div class="container">
            <p class="textInFooter">Jie Dong & Fang Yang 2012</p>
        </div>  
    </div>
</body>
</html>
